package com.itheima.web.filters;

import org.apache.commons.lang3.StringUtils;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @program: mm
 * @description:
 * @author: zhanghz001
 * @create: 2020-10-18 14:56
 **/
@WebFilter("/*")
public class AuthorFilter implements Filter {
    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = null;
        HttpServletResponse response = null;
        try {
            //转换协议相关对象
            request = (HttpServletRequest) servletRequest;
            response = (HttpServletResponse) servletResponse;

            //获取本次操作
            String uri = request.getRequestURI();
            String queryString = request.getQueryString();
            if (uri.endsWith(".css")
                    || uri.endsWith(".js")
                    || uri.endsWith(".png")
                    || uri.endsWith(".jpg")
                    || uri.endsWith("index.jsp")
                    || uri.endsWith("login.jsp")
                    || uri.endsWith("unauthorized.jsp")) {
                //放行
                filterChain.doFilter(request, response);
                return;
            }
            if (StringUtils.isNotBlank(uri) && StringUtils.isNotBlank(queryString)) {

                if (queryString.endsWith("operation=login")
                        || queryString.endsWith("operation=home")
                        || queryString.endsWith("operation=logout")) {
                    //放行
                    filterChain.doFilter(request, response);
                    return;
                }
                //获取到url: /system/dept
                String url = uri.substring(1);
                //获取到查询参数
                int index = queryString.indexOf("&");
                if (index != -1) {
                    queryString = queryString.substring(0, index);
                }
                //uri: /system/user
                // url: system/user
                //
                // System.out.println(uri);
                // System.out.println(url);
                // System.out.println(queryString);
                // url: system/user?operation=login
                url = url + "?" + queryString;
                System.out.println(url);
                System.out.println("==============");
                //2.获取到当前登录人允许的操作
                Object o = request.getSession().getAttribute("authorStr");
                if (o == null) {
                    //没有权限或者没有登录,一般是没有登录,跳转登录页面
                    response.sendRedirect(request.getContextPath() + "/login.jsp");
                    return;
                }
                String authorStr = o.toString();
                filterChain.doFilter(request, response);
                //3.1如果允许，放行
                // if (authorStr.contains(url)) {
                //
                //     //放行
                //     filterChain.doFilter(request, response);
                // } else {
                //
                //     //3.2不允许跳转到非法访问页
                //     response.sendRedirect(request.getContextPath() + "/unauthorized.jsp");
                // }
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {

        }

    }

    @Override
    public void destroy() {

    }
}
